<?xml version="1.0" encoding="UTF-8"?><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-Id-52043e85-233a-4b03-9339-9194953173c3">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference Id="Reference-Id-b9193c68-f184-4331-aed3-bbeb471a2b79" Type="http://uri.etsi.org/01903#SignedProperties" URI="#Signed-Properties-Id-4ff6d0b3-584b-4297-89b0-793ff00f37a8">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>wlaAcZKVNZgLqGoYtuGRDv99W9p2Vt2yfR6OJNwr2VM=</ds:DigestValue>
</ds:Reference>
<ds:Reference Id="Reference-Id-d492a916-52de-4d48-8703-c208e771849b" URI="#Object-Id-aac62ae7-7431-4b97-8449-bed38724903b">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>KYFVIohebyDuvqA11QOvvUmvVXqniThSWADEyaa6FX4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue Id="Signature-Value-Id-af300711-d063-46a0-9dd4-ab4d6001515e">NYL9g+pnT8xbTa/m9rFuj4Ry5WDYWunpDphokYlxe/OvWATZBS7vAUKHJiVW+qAsa1eKrwsHbSa5
H8sC+nIjSfovymp1yKTPZkf+SmvHLSZZ3WzfxquuLCFI68tN3vxgfcmFQbrpsffjufM9zGW0/ZIf
bQXy3FkY3gxjr474m8q+vmVRiequRXTQaREjkL21Bw7upTuy8xvBdvK/P3d9+OUQNCBvs7ereeVv
4wrn31/5czNMNadhdJyQPrC1/j1fte+WPjQ5NXObSCbn7SfJyhSGvcJslEb3hyvzmtkJ/JQF2p4a
f2vGBPFjw58UUBPNR0eTHwyaFfzlGZZQ1MJdaQ==</ds:SignatureValue>
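The XML above was generated by an e-signature program. I am trying to do the same thing in Java code. I have not figured out how the SignatureValue is calculated. I have tried, but the result is different. (The generated SignatureValue is different.)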
1- Canonicalize the SignedInfo
2- Digest the result with SHA-256
3- Sign the result with private key. (Using same private key as the program uses)
The code is terrible:
import org.apache.xml.security.c14n.Canonicalizer;

// Initialize Apache XML Security (Santuario) before using the Canonicalizer
org.apache.xml.security.Init.init();
Canonicalizer canon = Canonicalizer.getInstance("http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
// Util is a helper class that is not shown here
byte[] content = Util.getContent("test.xml");
byte[] canonXmlBytes = canon.canonicalize(content);
System.out.println(new String(canonXmlBytes));
byte[] digestSHA256 = Util.digestSHA256(canonXmlBytes);
// sign digestSHA256 with private key (smartcard private key)
test.xml contains:
<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference Id="Reference-Id-b9193c68-f184-4331-aed3-bbeb471a2b79" Type="http://uri.etsi.org/01903#SignedProperties" URI="#Signed-Properties-Id-4ff6d0b3-584b-4297-89b0-793ff00f37a8">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>wlaAcZKVNZgLqGoYtuGRDv99W9p2Vt2yfR6OJNwr2VM=</ds:DigestValue>
</ds:Reference>
<ds:Reference Id="Reference-Id-d492a916-52de-4d48-8703-c208e771849b" URI="#Object-Id-aac62ae7-7431-4b97-8449-bed38724903b">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>KYFVIohebyDuvqA11QOvvUmvVXqniThSWADEyaa6FX4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
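
The three steps in the question, run in plain JDK Java as an added example (not part of the original post and not the e-signature program's code): for rsa-sha256 the SignatureValue is an RSASSA-PKCS1-v1_5 signature over the canonicalized SignedInfo, so a separately computed SHA-256 digest reproduces it only when it is wrapped in a DigestInfo structure and signed without further hashing. The class name, the throwaway RSA key pair and the stand-in SignedInfo bytes are assumptions made for the example; the smartcard key is not used.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class SignatureValueDemo {
    // ASN.1 DigestInfo header for SHA-256 (PKCS#1 v1.5, RFC 8017 section 9.2)
    static final byte[] SHA256_DIGEST_INFO = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    static byte[] sign(String alg, PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(alg);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for canonXmlBytes (the canonicalized ds:SignedInfo)
        byte[] canonXmlBytes = ("<ds:SignedInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">"
                + "constructed sample content</ds:SignedInfo>").getBytes(StandardCharsets.UTF_8);
        // Throwaway key pair generated for the demo (assumption: any RSA key shows the effect)
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PrivateKey key = kpg.generateKeyPair().getPrivate();

        byte[] digest = MessageDigest.getInstance("SHA-256").digest(canonXmlBytes);

        // (a) Reference value: hash and PKCS#1 v1.5 padding done inside the Signature object
        byte[] reference = sign("SHA256withRSA", key, canonXmlBytes);
        // (b) Feeding the digest to SHA256withRSA hashes a second time
        byte[] doubleHashed = sign("SHA256withRSA", key, digest);
        // (c) Raw RSA over the bare 32-byte digest omits the DigestInfo header
        byte[] bareDigest = sign("NONEwithRSA", key, digest);
        // (d) Raw RSA over DigestInfo || digest is the pre-hashed equivalent of (a)
        byte[] wrapped = Arrays.copyOf(SHA256_DIGEST_INFO, SHA256_DIGEST_INFO.length + digest.length);
        System.arraycopy(digest, 0, wrapped, SHA256_DIGEST_INFO.length, digest.length);
        byte[] digestInfoSigned = sign("NONEwithRSA", key, wrapped);

        // PKCS#1 v1.5 signing is deterministic, so the byte arrays can be compared directly
        System.out.println("double hash matches reference: " + Arrays.equals(reference, doubleHashed));
        System.out.println("bare digest matches reference: " + Arrays.equals(reference, bareDigest));
        System.out.println("DigestInfo matches reference:  " + Arrays.equals(reference, digestInfoSigned));
    }
}
```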